Response to Amendment

1. Applicant's arguments filed on July 17, 2007 have been 
considered and are not deemed persuasive. 

• Claims 5-7, 13 and 19 are amended. 

• Claims 1-34 are presented for examination. 

Response to Arguments 

2. In essence the Applicant argues, "Scheer does not disclose 
presenting identified ports to a user, as it discloses that the 
port settings are configured by the master configurer 102. 
(Paragraph 12, Lines 6-12)." and "Scheer cannot teach or suggest 
requesting the user to select among the identified ports for 
activation in the target server." (Page 12, first paragraph, 
pages 17, 18, 20 and 23). Examiner notes that Scheer teaches, "A
user may submit a first network design 112 to the master
configurer 102. Alternatively, the user may use a wizard program
having graphic user interface 228 that resides on the master
configurer 102 to create the network design. Either way, the
master configurer 102 receives the first network design 112 . . .
The network settings may include the IP address assigned to
various components in the network, port and socket settings, as
well as other similar variables." (¶ 0012). Hence Scheer clearly
teaches receiving a network design parameter from a user
including a design list of functions for the target server to
perform. Scheer teaches, "The user may provide design list of
functions that the server farm should perform, the amount and
type of hardware components that populate the network, and the
number of WAN IP addresses assigned to the network. The graphic
user interface 228 may forward the information to the network
topology logic block 226. The network topology block 226 then
uses an algorithm to determine the type or types of network
topologies needed to meet the design list requirements submitted
by the user." (¶ 0026-0027). It is the user that provides the
information needed to configure the target server via the GUI
228. Therefore, Scheer teaches the argued limitations.

Applicant also argues "since Scheer cannot teach or suggest,
"requesting the user to select among the identified ports for
activation in the target server," it follows that Scheer also
does not teach or suggest, "identifying the selected ports as
active ports and identifying unselected ports as inactive
ports," as recited in claim 19." (Page 17, third paragraph).
Examiner notes Scheer teaches, "For example, the rule base may
include a set of rules that govern what is and what is not
allowed through the firewall. Firewall servers must be assigned
to a certain IP address. E-mail servers and web servers must be
assigned to certain sockets and ports." (¶ 0023). A rule base
that includes what is and what is not allowed through firewall
implies activating and deactivating certain ports and IP
addresses.

Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs 
of 35 U.S.C. 102 that form the basis for the rejections under
this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published
under section 122(b), by another filed in the United States before the
invention by the applicant for patent or (2) a patent granted on an
application for patent by another filed in the United States before the
invention by the applicant for patent, except that an international
application filed under the treaty defined in section 351(a) shall have the
effects for purposes of this subsection of an application filed in the
United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English
language.



3. Claims 1-5, 8-31 and 33-34 are rejected under 35
U.S.C. 102(e) as being anticipated by Scheer et al Publication
Number 20030131078 hereinafter "Scheer".



As per claim 1, Scheer teaches a method comprising: 

identifying at least one role associated with a target
server (network component is identified as firewall server, web
server and an email server, ¶ 0015-0018);
identifying one or more services associated with the role
(A firewall server typically contains anti-virus and security
software to protect the inner network components from a hacker
or virus threat external to the local network, ¶ 0018 and ¶ 0035);
identifying one or more ports associated with the role
(¶ 0023-0024); presenting the identified services and ports
associated with the role to a user (¶ 0012 and 0023); and
requesting the user to select among the identified ports for
activation in the target server (¶ 0012-15 and ¶ 0022-0023).

As per claim 2, Scheer teaches the method as recited in claim 1 
wherein the identified services and ports are limited to those 
that are relevant based on information obtained from a knowledge 
base (database 236, fig. 2 stores information such as various 
typical network topologies 226, typical network configuration 
settings, generic digital images for servers, design rules, and 
pointers to the records tracker 234, as well as other 
information (¶ 0032 and ¶ 0022)).

As per claim 3, Scheer teaches the method as recited in claim 1 
wherein the identified services and ports are limited to those 
that are relevant based on information regarding a target server 
(¶ 0022-0023).

As per claim 4, Scheer teaches the method as recited in claim 1
further comprising activating the selected services and ports
(Next, the master configurer 102 may consult a design rule logic
block 220 to determine that the firewall server should be
layered as the first device to receive incoming data packets
(¶ 0018 and ¶ 0022-0023)).

As per claim 5, Scheer teaches the method as recited in claim 4 
wherein at least one of services associated with the role and 
the ports associated with the roles are identified from a 
knowledge base (Next, the master configurer 102 may consult a 
design rule logic block 220 to determine that the firewall 
server should be layered as the first device to receive incoming 
data packets (¶ 0018 and ¶ 0022-0023)).

As per claim 8, Scheer teaches the method as recited in claim 1 
further comprising generating an output file containing services 
and ports selected by the user (¶ 0026-0027).

As per claim 9, Scheer teaches the method as recited in claim 1 
further comprising displaying details regarding the role in 
response to a request by the user (¶ 0022-0027).



Application/Control Number: 10/611,372 Page 7

Art Unit: 2153 

As per claim 10, Scheer teaches the method as recited in claim 1 
further comprising displaying a list of options for handling a 
service associated with the target server that is not defined in 
a knowledge base (¶ 0022-0027 and 0032).

As per claim 11, Scheer teaches the method as recited in claim 
10 further comprising requesting the user to select an option
for handling the service (¶ 0020-0023).

As per claim 12, Scheer teaches One or more computer-readable 
memories containing a computer program that is executable by a 
processor to perform the method recited in claim 1 (see fig. 2). 

As per claims 13 and 18-19, Scheer teaches the method comprising:
identifying one or more roles associated with a target server;
identifying one or more services associated with the roles;
displaying the identified services associated with the roles (A
wizard program may guide a user through a graphic user interface
228, ¶ 0022-0026); allowing a user to modify the displayed
services (¶ 0022-0026); and identifying the modified services as
active services and identifying the unmodified services as
inactive services ("For example, the rule base may include a set
of rules that govern what is and what is not allowed through the
firewall. Firewall servers must be assigned to a certain IP
address. E-mail servers and web servers must be assigned to
certain sockets and ports." Selecting port 25 implies selecting
SMTP service and a rule base that includes what is and what is
not allowed through firewall implies activating and deactivating
certain ports and/or IP addresses, ¶ 0022-0026).

As per claim 14, Scheer teaches the method as recited in claim 
13 wherein identifying services associated with the role 
includes retrieving data from a knowledge base (¶ 0018 and
¶ 0022-0023).

As per claim 15, Scheer teaches the method as recited in claim 
13 further comprising generating an output file containing 
services modified by the user (¶ 0026-0027).

As per claim 16, Scheer teaches the method as recited in claim 
13 wherein the user is responsible for configuring the target 
server (¶ 0022-0027).

As per claim 17, Scheer teaches method as recited in claim 13 
further comprising generating an output file identifying active 
ports and inactive ports (¶ 0022-0027).

As per claim 20, Scheer teaches method as recited in claim 19
further comprising generating an output file identifying ports
selected by the user (¶ 0026-0027).

As per claim 21, Scheer teaches method as recited in claim 19 
wherein the one or more ports are identified using information 
contained in a knowledge base (¶ 0022-0027 and 0032).

As per claim 22, Scheer teaches method as recited in claim 19 
wherein the user is responsible for configuring the target 
server (¶ 0022-0027).

As per claim 23, Scheer teaches method as recited in claim 22 
further comprising:

displaying one or more ports associated with the role
(¶ 0015 and ¶ 0023); and

requesting the user to select among the one or more ports
to activate in the target server (¶ 0015 and ¶ 0022-0026).

As per claim 24, Scheer teaches one or more computer-readable 
memories containing a computer program that is executable by a 
processor to perform the method recited in claim 19. 

As per claims 25 and 30, Scheer teaches an apparatus comprising:

a pre-processor to receive information regarding
server roles from a knowledge base and to receive
characteristics of a target server (¶ 0018-0022 and ¶ 0032),
wherein the pre-processor generates a file containing server
role information relevant to the target server (see server role
112 and 114 in fig. 2 and ¶ 0027), and wherein information in
the file regarding services and ports associated with the server
roles is presented to a user for selection (¶ 0012 and
0023-0026); and a configuration engine coupled to the pre-processor,
wherein the configuration engine configures the target server
based on the user's selection of services and ports (to
configure web server one must select port 80 and similarly a
mail server needs port 25 to be selected, ¶ 0012-15 and
¶ 0022-0023).

As per claim 26, Scheer teaches the apparatus as recited in 
claim 25 further comprising a user interface application to 
generate an output file identifying services selected by the 
user (¶ 0022-0027).

As per claim 27, Scheer teaches the apparatus as recited in 
claim 25 further comprising a user interface application to 
generate an output file identifying ports selected by the user
(¶ 0022-0027).

As per claim 28, Scheer teaches the apparatus as recited in
claim 26 wherein the configuration engine applies the output
file when configuring the target server (fig. 2, deployment
logic 230; configuration 222 and ¶ 0022-0027).

As per claim 29, Scheer teaches the apparatus as recited in 
claim 27 wherein the configuration engine applies the output 
file when configuring the target server (¶ 0022-0027).

As per claim 31, Scheer teaches one or more computer-readable 
media as recited in claim 30 wherein the one or more processors 
further activate the selected services and ports during 
configuration of the target server (to configure web server one
must select port 80 and similarly a mail server needs port 25
to be selected, ¶ 0012-15 and ¶ 0022-0023).

As per claim 33, Scheer teaches One or more computer-readable 
media as recited in claim 30 wherein the one or more processors 
further identify the one or more services and the one or more 
ports associated with the role are identified from a knowledge 
base (¶ 0028-0029).

As per claim 34, Scheer teaches One or more computer-readable 
media as recited in claim 30 wherein the one or more processors 
further display one or more options for handling a service 
associated with the target server that is not defined in a
knowledge base (¶ 0022-0026).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4. Claim 6 is rejected under 35 U.S.C. 103(a) as being 
unpatentable over Scheer et al Publication Number 20030131078 in 
view of Reddy et al US Publication Number (20030233431), 
hereinafter "Reddy". 

As per claim 6, although Scheer shows substantial features of
the claimed invention including digital image with operating
systems (1002), selecting a security level for the target server
and identifying at least one role associated with the target
server based on the selected security level (¶ 018-0023), he does
not explicitly show identifying an operating system level of a
target server.

Reddy whose invention is about "A method and system for
configuring heterogeneous servers across a network through
modules that can browse, snapshot, track changes, track
compliance, correct server objects on each of the servers, and
provision new servers." (Abstract), discloses identifying an
operating system level of a target server (¶ 0068).
It would have been obvious to a person of ordinary skill in
the art at the time of the invention to modify Scheer with the
system of Reddy so that target servers with particular operating
systems are configured and updated with latest security patches
and hot fixes (¶ 0086 and 0090).

Reddy further teaches determining one or more security levels
for the target server based on the identified operating system
level of the target server (¶ 0067 and ¶ 0071); and

selecting one of the determined security levels for the
target server (¶ 0067; ¶ 0071; ¶ 0086-0090).

5. Claims 7 and 32 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Scheer et al Publication Number
20030131078 hereinafter "Scheer".

As per claims 7 and 32, although Scheer shows substantial
features of the claimed invention including configuring web
server, email server and security services, he does not
explicitly show deactivating unselected services and ports.
Nonetheless, this feature is well known in the art and it would
have been obvious to a person of ordinary skill in the art at
the time of the invention to deactivate unselected services and
ports for the advantage of reducing unnecessary services running
on the network and to avoid the vulnerabilities associated with
the unnecessary ports.

Conclusion 

6. ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is 
reminded of the extension of time policy as set forth in 37 
CFR 1.136(a).

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action
is not mailed until after the end of the THREE-MONTH shortened 
statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action.

The prior art made of record and not relied upon is 
considered pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Yasin 
Barqadle whose telephone number is 571-272-3947. The examiner 
can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Glenn Burgess can be 
reached on 571-272-3949. The fax phone numbers for the
organization where this application or proceeding is assigned 
are 703-872-9306 for regular communications and 703-746-7238 for 
After Final communications. 

Any inquiry of a general nature or relating to the status 
of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be
obtained from the Patent Application Information Retrieval
(PAIR) system. Status information for published applications may
be obtained from either private PAIR or public PAIR system.
Status information for unpublished applications is available
through private PAIR only. For more information about the PAIR
system, see http://pair-direct.uspto.gov. Should you have
questions on access to the Private PAIR system, contact the
Electronic Business Center (EBC) at 866-217-9197 (toll-free).
YB